Intune management of Azure AD registered (not Azure AD joined) devices

Question

Intune management of Azure AD registered (not Azure AD joined) devices

Zen 41

Can Azure AD registered (not Azure AD joined) devices be managed by intune?

ex) update application on devices, upload logs to Log Analytics.

Accepted answer

2 additional answers

Your answer

Answer 1

@Zen, Thanks for posting in Q&A.

The device registered to Azure AD and enroll into Intune is consider as personal device. Intune can manage it. Based on my research, it supports to deploy win32 app. Microsoft 365 app and etc

https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management#prerequisites

https://learn.microsoft.com/en-us/mem/intune/apps/apps-add-office365

For log analytics, it manages all MDM enrolled device. So I think it also support.

https://techcommunity.microsoft.com/t5/device-management-in-microsoft/microsoft-intune-and-azure-log-analytics/ba-p/463145

For the policy with windows Hello for Business, it only supports Azure AD join device:

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy

But there are still many we can manage via Intune for these personal devices, I think you can try to use this method to manage some personal device in Intune.

Hope it can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Rudy Ooms 701 MVP

Hi... In this blog below I am explaining the differences between aadj and aadr and what is working on aadr on what not (AADR can be managed with intune)

[https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/

Zen 41 Reputation points

2023-01-24T10:36:05.89+00:00

I've never seen such a detailed blog.

Thank you for letting me know. I will refer to it.
Rudy Ooms 701 Reputation points MVP

2023-01-24T10:42:15.77+00:00

Thanks!. As I got that question a lot I decided to write it all down. If you have any question left please ask

Answer 3

Zen 41

Thank you for your answer.

It turns out that there are a few things that can't be done without AAD joined.

I would like to ask just a few more questions.

Can I adapt Update rings for AAD registered devices?

And, Can't log in as an AAD user to AAD registered devices?

Crystal-MSFT 53,991 Reputation points Microsoft External Staff

2023-01-23T08:39:37.5+00:00

@Zen, Thanks for the reply.

For Azure AD registered device, it is only able to login local account. AAD user account is unable to login. For Feature update policy, it is not supported for Azure AD registered device.

https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-feature-updates

For update ring policy, a BYOD scenario not supported for some enterprise scenarios like some of the newer Windows Update for Business policies.

If we want windows update ring policy, we suggest Azure AD joined type.

Hope it can help.

Share via

Intune management of Azure AD registered (not Azure AD joined) devices

2 additional answers

Your answer